Wednesday, August 13, 2008

Security Researcher Asserts Russian Role in Georgia Cyber Attacks

A security researcher claims to have uncovered evidence suggesting a link between the Russian government and the cyber-attacks launched against Georgia.

Don Jackson, director of threat intelligence at Atlanta-based SecureWorks, said in an interview with eWEEK there may have been multiple forces pulling the digital strings behind the attacks. According to Jackson, incident responders in Georgia supplied logs showing traffic to and from bots on their own networks with command and control IP addresses that are in ranges that belong to state-operated companies for which no previous record of activity of any kind exists.

“We know that the Russian government controls those servers theoretically, if they have not been pwned by somebody else,” he said.

According to SecureWorks, most of the changes in routing information that block traffic to Georgian IP address space were carried out by government-run ROSTELECOM and the Moscow-based COMSTAR network. Those networks were also the launch points for DDoS (distributed denial-of-service) attacks and cache-poisoning attempts targeting DNS servers for major Georgian networks, as were parts of Turkish networks controlled by members of the RBN.